The Cyberspace Administration of China (CAC) said in a statement it had summoned Ant Financial representatives to a meeting last Saturday and told them they had failed to meet the country’s personal information security standards.

The rap over the knuckles adds to a tough start to the year for Ant Financial which was recently blocked by U.S. regulators from acquiring MoneyGram International Inc.

It is also grappling with new regulations, requiring mobile payment firms to sharply increase the amount of client funds in interest-free reserve accounts, which will likely reduce profits.

Alipay has a popular end-of-year feature that allows its customers to analyse how they have spent their money over the year. At the end of 2017, the feature began enrolling users who wanted to look at their bills into the credit scoring system, Sesame Credit.

That allowed Sesame Credit to collect their data and share the analysis with its partners. Users could only opt out if they unchecked a button on the feature’s landing page.

Sesame Credit apologised last week and cancelled the default option.

CAC said the company should “step up efforts to conduct a comprehensive investigation of the Alipay platform, carry out special rectifications and take effective measures to prevent similar incidents from recurring.”

It quoted Alipay and Sesame Credit as saying that they had learned a “profound lesson” from the incident.

Ant Financial did not immediately respond to a Reuters request for comment.